Application Security Engineer

Overview:

It All Starts with Our People

As the leader in automotive preventive maintenance, Valvoline has a proven track record of growth. We continue to invest in our people, processes, and technology to strengthen our ability to efficiently deliver Quick, Easy, Trusted service across all our stores – every day. We're not just in the car business; we're in the people business. And we're looking for humble, hungry, and smart people to help us shape the future of mobility. If you're hungry to drive change and seek a dynamic, collaborative environment that fuels both personal and professional growth, you've found your place with us.

Our highest priority is creating a welcoming workplace with team members from a wide variety of diverse backgrounds and experiences.

The Opportunity

Valvoline has a rewarding opportunity as an Application Security Engineer. In this role, you will be responsible for designing, implementing, and maintaining security controls to protect Valvoline’s applications and software development lifecycle. This role ensures security is integrated into DevSecOps processes, performs application security assessments, and collaborates with development teams to mitigate risks. The engineer will also enhance security posture by leveraging secure coding practices, security automation, and vulnerability management solutions.

The individual in this position will work closely with product teams, developers, cloud engineers, and business stakeholders to ensure that security is built into the development process from the ground up. They will assess existing application security frameworks, implement new security controls, and provide guidance on secure software development practices.

A strong understanding of secure coding, cloud security, threat modeling, penetration testing, and DevSecOps pipelines is essential.

How You'll Make a Difference

• Work with development teams to integrate security into the software development lifecycle (SDLC), ensuring adherence to secure coding standards and security best practices. (SSDLC)

• Conduct static (SAST), dynamic (DAST), and interactive (IAST) application security testing to identify vulnerabilities in web, mobile, and cloud applications.

• Perform threat modeling and security risk assessments for new and existing applications. Collaborate with developers to mitigate security risks early in the design phase.

• Deploy and manage security tools such as SAST/DAST scanners, Software Composition Analysis (SCA), and CI/CD pipeline security integrations.

• Implement security controls for cloud-native applications, containerized workloads, and APIs, ensuring compliance with industry frameworks such as OWASP API Security Top 10.

• Work with incident response teams to investigate and remediate security vulnerabilities related to applications and software systems.

• Provide security training to developers and DevOps teams on secure coding, threat modeling, and best practices for application security.

• Other duties and responsibilities as determined by Valvoline from time to time in its sole discretion.

What You'll Need to Succeed

• Bachelor's degree in information systems, engineering, management, or related field, or equivalent work experience
• Minimum of five years of experience in application security, secure software development, or DevSecOps
• Minimum of three years of experience implementing security within CI/CD pipelines
• Strong experience securing cloud-based applications (AWS, Azure, OCI, or GCP)
• Strong knowledge of OWASP Top 10, SANS CWE, and application security frameworks
• Proficiency in security tools such as Veracode, Checkmarx, Fortify, Burp Suite, ZAP, or Snyk
• CEH, Security+, or equivalent security certifications (preferred)
• Cloud certification (preferred)
• Experience with secure coding in Python, Java, JavaScript, or C#
• Hands-on knowledge of container security (Docker, Kubernetes) and cloud security best practices
• Understanding of IAM, API security, and Zero Trust principles
• Excellent communication skills with the ability to work cross-functionally with developers and security teams
• Must be authorized to work in the U.S.

We Take Care of the WHOLE You

• Health insurance plans (medical, dental, vision)
• HSA and flexible spending accounts
• 401(k)  
• Incentive opportunity*
• Life insurance
• Short and long-term disability insurance
• Paid vacation and holidays*
• Employee Assistance Program
• Valvoline Instant Oil Change discounts
• Tuition reimbursement*
• Adoption assistance* 

*Terms and conditions apply, and benefits may differ depending on position.

Your Path to Valvoline

Valvoline provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Join us in revolutionizing the automotive aftermarket industry while enjoying competitive benefits, a supportive work culture, and opportunities for advancement. Apply now and become an integral part of our journey at Valvoline.

The Company endeavors to make its recruitment process accessible to any and all users.  Reasonable accommodations will be provided upon request to applicants with disabilities to facilitate equal opportunity throughout the recruitment and selection process.  Please contact Human Resources at 1.833.VVV.Report or email ECC@valvoline.com to make a request for reasonable accommodation during any aspect of the recruitment and selection process.  The contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.